Hi,
Microsoft Graph Alert refers to a security alert object provided by the Microsoft Graph Security API, which aggregates and exposes security related data from various Microsoft 365 Defender services and other integrated security solutions.

For example:
Microsoft Defender for Endpoint
Microsoft Defender for Identity
Microsoft Defender for Office 365
Azure AD Identity Protection
Microsoft Threat Intelligence
etc.

From my experience, your integration will likely focus on cloud alerts, and I recommend setting up this integration as well, since it can significantly enhance your curated detection rules.
(I usually find this very powerful after ingesting all types of Defender alerts\events.)

Here is the link for the integration.
https://cloud.google.com/chronicle/docs/ingestion/default-parsers/microsoft-graph-alert

Hope this helps!

thanks ​@Eoved  for the response. Unfortunately, we are not MS shop, we have a small deployment of Azure Cloud environments and wanted to just do a quick win:

• Enable Cloud Defender Threat Detection Services
• Ingest alert to google secops
• Create Detection and alerts using the curated resources ( just as I did for GuardDuty(

Seems to me give that the curated detections should be moved over to “metadata.log_type = "MICROSOFT_DEFENDER_CLOUD_ALERTS"  or have a way to do so easily.  At this point I will just create a custom catch-all detection for this.   Less than ideal , specially if I want to leverage “composite” over distinct T&T and/or name alerts. 

@google team, any plans to adjust this? or help integrate Azure Cloud Defender + leverage Curated detections easier?   After all the curated detections read Azure Cloud Defender…. why I want to integrate with graph? 

thanks